Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-06 10:42:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed out of date javadoc reference to SecurityEnforcementFilter.

Browse Source
This commit is contained in:
Luke Taylor 2008-12-06 17:56:24 +00:00
parent 7265a70f0a
commit 9bb64d1974
1 changed files with 106 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/src/main/java/org/springframework/security/ui/ExceptionTranslationFilter.java
View File

@ -46,21 +46,17 @@ import javax.servlet.http.HttpServletResponse;
* <p>
* This filter is necessary because it provides the bridge between Java exceptions and HTTP responses.
* It is solely concerned with maintaining the user interface. This filter does not do any actual security enforcement.
* </p>
* <p>
* If an {@link AuthenticationException} is detected, the filter will launch the <code>authenticationEntryPoint</code>.
* This allows common handling of authentication failures originating from any subclass of
* {@link org.springframework.security.intercept.AbstractSecurityInterceptor}.
* </p>
* <p>
* If an {@link AccessDeniedException} is detected, the filter will determine whether or not the user is an anonymous
* user. If they are an anonymous user, the <code>authenticationEntryPoint</code> will be launched. If they are not
* an anonymous user, the filter will delegate to the {@link org.springframework.security.ui.AccessDeniedHandler}.
* By default the filter will use {@link org.springframework.security.ui.AccessDeniedHandlerImpl}.
* </p>
* <p>
* To use this filter, it is necessary to specify the following properties:
* </p>
* <ul>
* <li><code>authenticationEntryPoint</code> indicates the handler that
* should commence the authentication process if an
@ -174,12 +170,14 @@ public class ExceptionTranslationFilter extends SpringSecurityFilter implements
}
/**
* If <code>true</code>, indicates that <code>SecurityEnforcementFilter</code> is permitted to store the target
* If <code>true</code>, indicates that <code>ExceptionTranslationFilter</code> is permitted to store the target
* URL and exception information in the <code>HttpSession</code> (the default).
* In situations where you do not wish to unnecessarily create <code>HttpSession</code>s - because the user agent
* will know the failed URL, such as with BASIC or Digest authentication - you may wish to
* set this property to <code>false</code>. Remember to also set the
* {@link org.springframework.security.context.HttpSessionContextIntegrationFilter#allowSessionCreation}
* will know the failed URL, such as with BASIC or Digest authentication - you may wish to set this property to
* <code>false</code>.
* <p>
* Remember to also set
* {@link org.springframework.security.context.HttpSessionSecurityContextRepository#setAllowSessionCreation(boolean)}
* to <code>false</code> if you set this property to <code>false</code>.
*
* @return <code>true</code> if the <code>HttpSession</code> will be